After a recent data breach where an adversary successfully exfiltrated sensitive data, the incident response team has completed the containment and eradication stages. Which action would BEST equip the team to perform root cause analysis and determine the original vulnerability exploited?
Scheduling a complete review of all organizational security policies and procedures
Conducting a thorough analysis of security logs for signs of initial compromise
Initiating a campaign to re-educate all users about phishing and social engineering
Running a comprehensive vulnerability scan on all networked systems
Conducting a thorough analysis of the security logs, especially around the time of the breach, will likely reveal the sequence of events that led to the breach, including the initial point of entry and methods used by the attacker. This detailed trail is indispensable for pinpointing the original vulnerability or misconfiguration that the attacker exploited. Simply running a vulnerability scan might identify potential vulnerabilities but would not confirm which were actually exploited. Organizational policy review and user education, while important, are less likely to directly lead to the discovery of the specific exploited vulnerability.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What types of security logs should be analyzed for root cause analysis?
Open an interactive chat with Bash
What is the significance of identifying the original vulnerability in a data breach?
Open an interactive chat with Bash
How can vulnerability scans complement the analysis of security logs?